A Day in the Life of a Cyber Security (SOC) Analyst (MSSP)
HTML-код
- Опубликовано: 26 июн 2024
- Curious about the exciting world of a Tier 1 Jr security SOC analyst in a managed security service provider? Dive into their day to day life and discover what they typically do. Gain valuable knowledge in learning how to take advantage and practical tips for pursuing a career in security analysis.
If you want to become a SOC Analyst grab the no BS SOC roadmap here
mydfir.gumroad.com/l/SOC-Anal...
#SecurityAnalyst #Cybersecurity #careertips #mssp #SOC #cybersecurityanalyst #dayinthelife
_________________________________
THE MYDFIR SOC ANALYST COURSE:
With 8 chapters and 30+ hands-on labs tailored to security operations, I am focused on transforming you into a standout SOC analyst. Beyond tools, you'll master the investigation process and uncover hidden details. Let's make a real difference together.
▸Enroll here: academy.mydfir.com/p/soc
_________________________________
SIGN UP FOR FREE MENTORSHIP
Getting started in Cybersecurity is difficult and you don't have to do it alone.
Let me help you on your journey.
▸Sign up for FREE here: www.mydfir.com/mentorship
_________________________________
RECOMMEND COURSES FOR BEGINNERS:
Coursera Google Cybersecurity Program
Affiliate Link - imp.i384100.net/mydfir
Microsoft Cybersecurity Analyst Professional Certificate
Affiliate Link - imp.i384100.net/mydfir-MS
Coursera Google IT Support Professional Certificate
Affiliate Link - imp.i384100.net/mydfir-IT
_________________________________
PRODUCTS TO HELP YOU GET STARTED
🗺️ 1-Year Cybersecurity Roadmap: mydfir.gumroad.com/l/roadmap
📄 Resume Template: mydfir.gumroad.com/l/Resume-T...
📑 Cover Letter Template: mydfir.gumroad.com/l/Cover-Le...
🎙️ Interview Questions: www.mydfir.com/interview
📚 Cybersecurity bookmarks: mydfir.gumroad.com/l/bookmarks
_________________________________
EARLY ACCESS & EXCLUSIVE VIDEOS
Patreon: / mydfir
_________________________________
🕒 TIMELINE
00:00 - Intro
00:57 - Day in the life
01:25 - Monitor Queue
01:53 - Create Ticket
02:02 - Triage
02:35 - Escalate or Close Ticket
02:42 - Use case tuning
03:11 - Summary
03:18 - Number 1
03:24 - Number 2
03:33 - Side Note
03:44 - Number 3
04:10 - Number 4
04:28 - Number 5
04:35 - How to take advantage
05:20 - Story
06:10 - How to improve
_________________________________
FOLLOW ME ON SOCIAL MEDIA:
▸Instagram: / mydfir
▸X: x.com/@MyDFIR
Disclaimer: All opinions in my videos are solely my own. Some links provided are affiliate links!
#cybersecurity #cybersecuritytrainingforbeginners #cybersecurityforbeginners #socanalyst #soc
SIGN UP FOR FREE MENTORSHIP
Getting started in Cybersecurity is difficult and you don't have to do it alone. Let me help you in your journey by providing you with tips to put you on the right path.
▸Sign up for FREE here: MyDFIR.com
This kind of videos happen once in a blue in my recommendation! I'm 101% fan. And I loved that you are very concise. Keep it up, I'm looking forward to seeing your new videos
Thanks for the kind words ❤️ videos every tuesday & thursdays!
Thanks for making things simple to understand. I am studying for CYSA+ and looking to start off as a SOC. Looking forward to more videos!
Thanks for watching! Best of luck on the cert and your job hunt
Just remember VT is not perfect. Blue Teaming really is a Team sport. The scope of what you have to know is vast. You need lots of brains so use your teammates. Also AI is helping now with some analysis. Also Cyberchef for the win!
Love this - You are absolutely correct. I've seen SOC analysts rely on VT to the point where if it is green == safe. There is such a thing called evasion, 0 days etc. Keeping this in mind and look for CONTEXT will help you fully understand what you are looking at. Couldn't agree more with the team sport. Communicate, collaborate and you'll be golden.
Cyberchef ♥
@@MyDFIR what do you do if virustotal doesn't recognize a specific process hash?
This video just makes me happy we run a tierless soc. Everyone is trained on an expected to know how to do almost everything except somw admin stuff.
Thats awesome - I’ve seen some of these and they work wonders.
What company?
Hey man, I just started as a SOC Analyst last June 5. It's almost a month now and all you're saying is literally the summary of a Tier 1 SOC Analyst. Great video man :D
Thanks! Congrats on starting as a SOC analyst! How is it so far? Do you enjoy it?
Did you get the job without a degree ?
@@saywhat4229 I have a degree in Electronics Engineering
on-site or remote yung work mo?
@@Vyper443 on-site po
Hello sir
Thank you for the video, and we support you with new video to help us better understand our environment as an analyst soc MSSP.
Good video, I'm currently an intern for the service desk and a rising sophomore at college, which hopes of being an analyst. Thanks for the information.
Awesome! Experience in service desk would compliment your skills overall, not just in cybersecurity. Great start and if needed, let me know how I can help!
this was incredibly helpful!!!
Thanks! I am happy to hear that 😁
Thank you for the video!
Anytime! Hope you enjoyed it 😃
I just finished my first week as a SOC Analyst I and this is one of the best videos explaining the day in the life, good job bro keep it up!
Do you have any tips on how to know what to look for/know it is normal?
That is a great question. First - Congratulations on becoming a SOC Analyst!!!
In terms of tips on how to know what to look for - This is a topic that I love talking about. I want to introduce you to the MITRE ATT&CK framework. This should provide you with some understanding of what to look for as MITRE will introduce you what a threat actor may perform to reach their objectives. As for "know it is normal", each organization will be different so I cannot explicitly say that is bad and that is good. Instead, I'll direct you to SANS FOR508 poster and combining the two, MITRE ATT&CK with SANS Poster, you should be in good hands.
MITRE: attack.mitre.org/
SANS: www.sans.org/posters/hunt-evil/
I hope that helps.
I am having a hard time landing my first SOC analyst position. Any advice, also cheers on the new job!
could you give us some inforamtions,which tools did you used and was that , great to hear that.
Goku give us some Tips.
Congratulations on your new role! If I may ask, slightly off-topic, how long did it take to get hired from your application to your first day?
I have been looking for these kind of videos. Thanks for the explanation man 👊
Glad you enjoyed it!
Did you get any certifications before entering cs?
@@Vyper443 The only certificate I had was CCNA. I had 1 year work experience in IT Support prior to starting my first role in cs.
Good advice, cheers dude! subbed.
Thanks!
Just found your channel yesterday and I'm really liking your videos. I think I'd love working in a SOC but have to wonder if I'm too old. I'm a retired police officer/digital forensic guy and used to hold the GCFA, but that's been about 8 years ago. Not sure if I''m past the point of getting into something like this. Anyway, really liking your content and keep up the great work!
You’re never too old. If you want to do it I’d say go for it! Try and apply and see what happens 😁
Thank you 🙏
Thanks for watching ❤️
nice explanation, thank you sir
Thanks for watching!
Lab work, lab work, lab work. Nothing beats getting your hands dirty with this stuff
100% agreed!!
Thank you for this, this is absolutely helping with my career choice in joining CyberSec. Theres a lot of videos talking about the pay/WFH aspect, but people need to realize no job with that pay is sunshine and rainbows. With that being said i feel like anyone with a desire to learn and get knee deep in a problem will have a good time in this industry and be rewarded accordingly. Thanks again for the fantastic video.
YES!! For me, the correct mindset is required to excel in this field. "I feel like anyone with a desire to learn and get knee deep in a problem will have a good time in this industry and be rewarded accordingly. " - Spot on my friend.
@@MyDFIR HA! Well i'm glad i have the right mindset. Currently i'm working as a Jr. sys admin mostly making automation scripts and such for our company to keep track of all our networks, but eventually im hoping to making the tranisiton in to CyberSec once i actually get some certs for that pesky HR software lol...
@@OLAScape_ 🤣those darn pesky HR software... You know how to find me if you have any questions!
Thanks, great video. I like to see content like this bc keep me motivate to studying and get a job as soc analyst
#BlueTeam
Love it - stay motivated, you’ll get there.
I see your video in my RUclips suggestions. Thank you for sharing your thorough career experience.
I am building my next career as a Forensic Accountant or similar Investigator, especially with technology investigations. I want to learn more about Cybersecurity to help me build.
I finally have some time to start back with looking to further my SANS Cyber Aces beginner information I was learning on my own briefly last year (I have been busy learning my new work position this year). 02sept23
Awesome! I am super excited for you - Let me know anytime if you have any questions along the way, ill be happy to provide support!
I am your 50th Subscriber
Thank you!! Never thought I would hit 50 subscribers this quick 😭 super grateful
Very nice video, thank you so much!.. I'm strongely thinking about becoming a Security Analyst... how realistic is it to expect to work a (Monday thru Friday/9 to 5) schedule?
If you are planning on becoming a JR SOC analyst, those hours are quite rare and typically given to senior analysts (tier 2/3 for example). However, some SOCs have offices all over the world so 9-5 might actually work but in most cases, I have not seen this except during the probation periods (first 3 month of hiring).
I'd say don't let that dissuade you, instead break into the field and work your way up. You'll land that 9-5 sooner than you think :)
Unfortunately, In some SOCs the T2 doesn't know much more than the T1 so getting assistance on new alerts isn't so easy in those circumstances.
What would you suggest in those situations?
Great question and I've experienced that quite a bit unfortunately. In those cases, I'll try and look for documentation on those alerts. Typically there is a master file of alerts/usecases with definitions and what it is trying to look for/alert on. IF there is no such document, ask amongst your peers and see if they are able to assist
Just passed my Comptia Security + but I don't have any other IT work experiences. Do you think i should apply for a SOC tier 1 role or until i get the Comptia Network+ as well? Thanks!
You can apply but simply having a certificate likely will not be enough. Network+ is great to reinforce your networking knowledge and ill always stand by it however, I would recommend tackling some labs and target those job specific related skills as well.
I'm a SOC analyst, but as a beginner, in our department, we lack processes and documentation. This causes us to often get stressed about alerts. I'd like to have some examples of processes and documentation that a soc analyst can use. It will help me a lot as well as our service.
Thank you in advance for your reply.
It really depends on each organization however you mentioned "we lack processes and documentation" what exactly are you missing? or how do you know you are lacking processes/documentation?
The answer to that question is where you put your focus on building said documentation.
For example, not sure what a certain alert means? or how to track false positives? Create documentation on it and outline the steps.
Hope that helps!
Thanks for this overview!
How often do you use SQL, Linux or Python at your job, or if you use either at all?
Just seems to me that everything taught on Google Cert is kind of overwhelming, I mean, there are different instructors for each course/skill so I don't think one person can be very good in all those skills, but at the same time, if they teach all of that, are we supposed to know that all when we are starting???
Great question! It all boils down to the role and responsibility. Where I al at, I maybe use Python 5% of the time? That is me trying to craft a quick script or modify an existing script but that is about it. However, compare that to Linux, I use that almost every time when I am involved in Incident Response.
In short, agree that it can be overwhelming but take these as “good to know” vs trying to be an expert at it. It is a good idea to be exposed to these and have a basic understanding.
Hope that helps!
@@MyDFIR Yeah, I realised that I need to understand better the roles and focus/improve on 1-2 skills to get started and after that, I can go back to the other "good to know" skills to grow in the profession. Changing careers is really challenging. 😅
Cheers! )
greatvideo thanks! should make a discord
Thank you! Discord is in the works 😀
I currently work at an SOC as an alarm monitor, do you have any recommendations on how this may relate to security work? I am currently finishing up my Google cybersecurity certificate and then it will be on security+
Hm I could assume what that role entails but if you could provide me with some more details I could see how it might relate. Great path so far!
Thank you for this video! Do you mind sharing how you got into this role? Did you start at Help Desk?
I am glad you enjoyed it! - I did start off my career as a Help Desk analyst and eventually transitioned into cyber security about a year into that role.
My journey on how I got started: ruclips.net/video/npgMSETCKfM/видео.html
@@MyDFIR Awesome! I should be hearing back today for a Help Desk role. I'm trying to decide which sector I would like to go into, but as for now, I'm going to focus on my experience at Help Desk and hopefully it provides some clarity for me.
@@treninajohnson3304 Sweet! Best of luck to you! If you ever need someone to bounce ideas off of, I am always happy to help.
Hey! Just wondering if you heard back from getting that help desk role?
@@MyDFIR hello! No, I didn't. I landed a sales job as a Business Development Representative and I hate it! It was very hard to land a help desk job with my lack of skills. Thanks for checking in.
After obtaining the security+ snd CASY+, which cert do you think should be next?
Depending on what your domain of interest is in, you could go for Blue Team Level One. However I would recommend making sure you dedicate some time for hands on lab work as well
I love BTL1, just finished their BTJA. Quality platform/cert IMO@@MyDFIR
Are you finding yourself doing a lot of research after normal work hours to keep up with new security threats or are you learning as you monitor and investigate these issues?
Great question - When I was working in a MSSP, it was quite difficult to do any research or learning due to the fast paced environment. After a shift I would be mentally drained and wouldn’t want to do anything outside of work.
But long story short, i learned on the fly. I tried leaning on senior analysts, reviewed others work and tried to understand why/how they came to that conclusion. As for learning new threats, I tried to take 30minutes to read whats happening around the industry before I began my shift.
leaving tier 2 firewall vendor support to pursue a soc carreer, I understand how hectic it gan get, but not having to make customer calls and fixing their company bad implementation (and ofc blaming the vendor device) is a plus +++ to me, idk, maybe I'm just burnt with customer support
Bad implementation 😂 these make me cry when I am doing an IR… especially if they are using default settings
Can make video for example. So that I can under process deeply and directly apply as experienced job. All fresher job asking min 6 months eco but how can get eco fresher
Hey! To clarify, did you want me to create a video on how to obtain experience?
Which tools you use more in the days tasks?
Various types of tools as it will depend on your clients. Typically expect some sort of cloud based solution so the Microsoft stack (Defender for xyz, Azure Sentinel) or mix of CrowdStrike, Chronicle and/or Splunk.
@@MyDFIR I think Cloud become "must".I'm thinking BLT1 cert do you recommend as a first cert or to go on Cloud?
Thanks your feedback was incredible with sense.
@@johnvardy9559 If I had to choose, I would go with BLT1. Yes the cloud is becoming a "must" but learning how to investigate should be primary focus if you want to get into a SOC environment. After, I would focus on getting some familiarity with the cloud.
@@MyDFIR you are the best thanks for everything
hey bro, im going to start cybersecurity next year, would you say it’s good to get a degree in it and to get certs at the same time?
will it look good when applying for jobs in the future?
Yup, if you have the time and resources, i would highly encourage that. The certs should help compliment your knowledge learned via degree. I would also throw in there some hands on experience as well. Good luck!
which tools you need for network analysis ?
I typically use wireshark if the pcap is not too large otherwise ill utilize Zeek, tcpdump. These are great tools for network analysis.
@@MyDFIR glad to hear that,also im trying to learn wireshark i spent a lot of time and i found already more than 4-5 tools and i feel overhwelmed.Also for tcpdump any resource? i though what was only for real capture nothing else.
@@johnvardy9559 TCPDump can capture and read packets. I usually combine that with egrep with awk/cut to really help with the output. Some people also like to use ngrep however, I've yet to use that actually.. I should probably try it out. The key here is focus on 1 tool for now which I recommend is Wireshark. This tool has helped me in many investigations, great resource to get comfortable in.
@@MyDFIR hi There, about nmap is something we need?
@@johnvardy9559 something we need? Not really but something to know about? Sure. As a SOC analyst you likely won’t need to use nmap but it is a tool that doesn’t hurt to learn.
How can i become a SOC what are the steps to start
I am assuming you are asking how can you become a SOC ANALYST vs becoming an actual SOC 😂 - Start your fundamentals, identify areas where you are weak in (IT/Network/Security) and work towards improving that. Then start to look for hands on experiences, there are free ones out there. Work on networking with people in this industry, update your resume and have a blog/github or anything to showcase your projects. - Afterwards, you can try to find a SOC related junior position.
Hope that helps!
Is $50-60k for a tier 1 soc analyst kinda on par ?
That is pretty much spot on. Of course depending on where you live/work will be a factor.
Nice :D
New Subscriber on 2,12k :v
Thanks for subbing and supporting the channel!
SO u r on the defensive side right?
Yup and I am loving it!
system hydrogen
owning the new alert is not scary, the scary thing is no body wanted to entertain/help you to solve that together. Or higher tier solve them by themself without involving you and you are in the dark. What even worse, the alert is causing something down, you make it even worse~~~lol~~~
Haha this is true - I take it you have experienced all of these? "higher tier solve them by themself without involving you and you are in the dark" This unfortunately happens so often but then there are times where the senior analyst actually put comments in the ticket on how they solved it but the junior analyst does not read & learn from it :(
@@MyDFIR this is a channel where you not only getting something away from the content but from comment as well...😊
most of the time, update in ticket from higher tier will not be details enough to understand what exactly has been done. maybe i'm too dumb to understand. I actually sometime reach out to higher tier and ask more about it and no getting response or they will say something like it's not tier 1 responsibility....story end.
btw, your reply seem very ai...lol
@@onionboy7271 LOL! I’ll take that as a compliment? 😂
Shave your chin
Never!!!!
Hey bro, nice vid. Just wondering if it’s a complete must to have a degree for this field. I have former law enforcement experience but only a few semester of college completed. Currently working on getting a CompTIA A+ and a few more certs before applying for a help desk position. Thanks for any info!
"Must have", no BUT will it help? 1000% Yes. - If you are in the position to obtain a relevant degree, I would say go for that option. CompTIA A+ is a great certificate to obtain to understand IT, good job on taking the initiative to work towards that cert. I have confidence that once you obtain A+, it will help you in search for that help desk position. Keep in mind that for junior roles, soft skills are more important than technical skills. Having both will make a killer combo.
Good luck in your search & studies!
@@MyDFIR thanks brother
@MyDFIR would skipping a+ and just getting security+ be good for a helpdesk role? Previous helpdesk role experience, years ago though.
Soc analyst = tech support
🤣to some degree, this is true - Instead of receiving phone calls you receive alerts haha
That makes sense. But you, sigma-yn3qd, do realize tech support is a demanding job. Many individuals and companies need that support consistently because of costs, time, knowledge, etc.
@@blackamericanlesbianprofes4357 yes i know but it's still basically tech support
Thank you!! Insta-sub here. Just taking my google/coursea foundation course, this has answered questions I had
Awesome, I hope you enjoy the course and feel free to ask any questions that may pop up during the course.
@@MyDFIR I can't thank you enough for posting your content already